update scripts and work on server setup

2025-07-23 18:43:58 +01:00
parent 5e7854b7f3
commit 6966007060
8 changed files with 427 additions and 299 deletions


@@ -1,9 +1,21 @@
TZ=Europe/Lisbon
# Nginx
NGINX_DATA=/mnt/md0/nginx/data
NGINX_LETSENCRYPT=/mnt/md0/nginx/letsencrypt
# Nextcloud
NEXTCLOUD_DATA=/mnt/md0/nextcloud/data
NEXTCLOUD_DB_DATA=/mnt/md0/nextcloud/db
NEXTCLOUD_DB_PASSWORD=K7m9P2xQ8vN3rY6sL4dF1jH5eW9zB2cX
REDIS_PASSWORD=R3d1sP@ssw0rd2025SecureCache
# Gitea
GITEA=/mnt/md0/gitea
# -------------------
# Immich
TZ=Europe/Lisbon
IMMICH_UPLOAD_LOCATION=/mnt/md0/immich/uploads
IMMICH_DB_DATA_LOCATION=/mnt/md0/immich/db
IMMICH_VERSION=release
@@ -24,8 +36,6 @@ PIHOLE=/mnt/md0/pihole
FTLCONF_webserver_api_password="wX<|h(mav(;rGU}FTrz<)x<(J"
FTLCONF_dns_listeningMode=all # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
# Gitea
GITEA=/mnt/md0/gitea
# FileBrowser
FILEBROWSER_DATA=/mnt/md0/files
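Review bot: `NEXTCLOUD_DB_PASSWORD` and `REDIS_PASSWORD` are committed in this env file with what look like live values, next to the existing `FTLCONF_webserver_api_password`, so anyone who can read the repository or its history holds the database, cache and Pi-hole API credentials. Treat all three as exposed: rotate them, keep the real values in an untracked file listed in `.gitignore`, and commit only a template with placeholders such as `NEXTCLOUD_DB_PASSWORD=<set-locally>`. The rendered page has lost its `+`/`-` markers, so which of these lines are new is inferred from the hunk headers. `TZ=Europe/Lisbon` also appears twice in the first hunk; if both lines are on the new side, one of them can be dropped.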


@@ -11,265 +11,293 @@ services:
container_name: nginx-proxy-manager
ports:
- "80:80"
- "81:81"
- "81:81" # Admin interface
- "443:443"
environment: # Uncomment this if IPv6 is not enabled on your host
- DISABLE_IPV6=true # Uncomment this if IPv6 is not enabled on your host
environment:
- DISABLE_IPV6=true
volumes:
- ${NGINX_DATA}:/data
- ${NGINX_LETSENCRYPT}:/etc/letsencrypt
networks:
- server-network
# --- Immich Server ---
immich-server: # immich-server:2283
container_name: immich-server
image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
# Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
- ${IMMICH_UPLOAD_LOCATION}:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
env_file:
- .env
# --- Nextcloud ---
nextcloud: # :80
image: nextcloud:latest
restart: unless-stopped
container_name: nextcloud
depends_on:
- redis
- database
restart: unless-stopped
healthcheck:
disable: false
networks:
- server-network
immich-machine-learning:
container_name: immich-machine-learning
# For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- model-cache:/cache
env_file:
- .env
restart: unless-stopped
healthcheck:
disable: false
networks:
- server-network
redis:
container_name: immich-redis
image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
healthcheck:
test: redis-cli ping || exit 1
restart: unless-stopped
networks:
- server-network
database:
container_name: immich-postgres
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
- nextcloud-db
- nextcloud-redis
environment:
POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD}
POSTGRES_USER: ${IMMICH_DB_USERNAME}
POSTGRES_DB: ${IMMICH_DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: "--data-checksums"
# Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
B_STORAGE_TYPE: "HDD"
- POSTGRES_HOST=nextcloud-db
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
- NEXTCLOUD_TRUSTED_DOMAINS=localhost
volumes:
# Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
- ${IMMICH_DB_DATA_LOCATION}:/var/lib/postgresql/data
restart: unless-stopped
- ${NEXTCLOUD_DATA}:/var/www/html
networks:
- server-network
- nextcloud-network
# --- Home Assistant ---
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
env_file:
- .env
volumes:
- ${HA_CONFIG}:/config
- /etc/localtime:/etc/localtime:ro
- /run/dbus:/run/dbus:ro
nextcloud-db:
image: postgres:latest
restart: unless-stopped
# devices:
# - /dev/ttyUSB0:/dev/ttyUSB0
privileged: true
network_mode: host
# ports:
# - "8123:8123"
esphome:
container_name: esphome
image: ghcr.io/esphome/esphome:latest
volumes:
- ${ESPHOME_CONFIG}:/config
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped
privileged: true
network_mode: host
# ports:
# - "6052:6052"
env_file:
- .env
# openwakeword:
# image: homeassistant/amd64-addon-openwakeword:latest
# container_name: openwakeword
# entrypoint: python3
# command: >
# -m wyoming_openwakeword
# --uri 'tcp://0.0.0.0:10400'
# --preload-model 'ok_nabu'
# --custom-model-dir /share/openwakeword
# env_file:
# - .env
# ports:
# - 10400:10400
# volumes:
# - ${OWW_DATA}:/data
# - ${OWW_CUSTOM_MODEL_DIR}:/share/openwakeword
# restart: unless-stopped
piper:
image: homeassistant/amd64-addon-piper:latest
container_name: piper
entrypoint: python3
command: >
-m wyoming_piper
--piper '/usr/share/piper/piper'
--uri 'tcp://0.0.0.0:10200'
--length-scale "1"
--noise-scale "0.667"
--speaker "0"
--voice "en_US-lessac-medium"
--max-piper-procs "1"
--data-dir /data
--data-dir /share/piper
--download-dir /data
network_mode: host
# ports:
# - "10200:10200"
volumes:
- ${PIPER_DATA}:/data
restart: unless-stopped
whisper:
image: homeassistant/amd64-addon-whisper:latest
container_name: whisper
entrypoint: python3
command: >
-m wyoming_faster_whisper
--uri tcp://0.0.0.0:10300
--model small-int8
--beam-size 1
--language en
--data-dir /data
--download-dir /data
network_mode: host # Needed to use localhost in HA interface
# ports:
# - "10300:10300"
env_file:
- .env
volumes:
- ${WHISPER_DATA}:/data
restart: unless-stopped
# --- Pi-hole ---
# pihole:
# container_name: pihole
# image: pihole/pihole:latest
# ports:
# # DNS Ports
# - "53:53/tcp"
# - "53:53/udp"
# # Default HTTP Port
# - "2100:80/tcp"
# - "2101:443/tcp"
# env_file:
# - .env
# volumes:
# - "${PIHOLE}:/etc/pihole"
# cap_add:
# # Optional, if Pi-hole should get some more processing time
# - SYS_NICE
# restart: unless-stopped
# --- File Browser ---
filebrowser: # Replace with nextcloud
image: filebrowser/filebrowser:latest
container_name: filebrowser
restart: unless-stopped
ports:
- "8080:80"
volumes:
- ${FILEBROWSER_DATA}:/srv
- ${FILEBROWSER_CONFIG}:/config
- ${FILEBROWSER_DATABASE}:/database
container_name: nextcloud-db
environment:
- FB_DATABASE=/database/filebrowser.db
- FB_CONFIG=/config/filebrowser.json
env_file:
- .env
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
volumes:
- ${NEXTCLOUD_DB_DATA}:/var/lib/postgresql/data
networks:
- nextcloud-network
nextcloud-redis:
image: redis:alpine
restart: unless-stopped
container_name: nextcloud-redis
command: redis-server --requirepass ${REDIS_PASSWORD}
networks:
- nextcloud-network
# --- Gitea ---
gitea:
gitea: # :3000
image: gitea/gitea:latest
container_name: gitea
restart: unless-stopped
volumes:
- ${GITEA}:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- server-network
ports:
- "3001:3000"
- "22:22"
# --- Prosody XMPP Server ---
prosody:
image: prosody/prosody:latest
container_name: prosody
restart: unless-stopped
ports:
- "5222:5222" # XMPP client connections
- "5269:5269" # XMPP server-to-server connections
- "5280:5280" # HTTP/WebSocket connections
- "5281:5281" # HTTPS/WebSocket connections (if SSL configured)
volumes:
- ${PROSODY_CONFIG}:/etc/prosody
- ${PROSODY_LOGS}:/var/log/prosody
- ${PROSODY_MODULES}:/usr/lib/prosody-modules
env_file:
- .env
# # --- Immich Server ---
# immich-server: # immich-server:2283
# container_name: immich-server
# image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# # extends:
# # file: hwaccel.transcoding.yml
# # service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
# volumes:
# # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
# - ${IMMICH_UPLOAD_LOCATION}:/usr/src/app/upload
# - /etc/localtime:/etc/localtime:ro
# env_file:
# - .env
# depends_on:
# - redis
# - database
# restart: unless-stopped
# healthcheck:
# disable: false
# networks:
# - server-network
# --- N8n Automation ---
n8n:
image: n8nio/n8n:latest
restart: always
# N8n will not be directly exposed to the host, Nginx Proxy Manager will proxy to it
# Therefore, no 'ports' mapping is needed here for external access.
# It will be accessible on the Docker network by Nginx Proxy Manager.
environment:
- N8N_HOST=${N8N_HOST}
- N8N_PORT=5678
- N8N_PROTOCOL=https # Nginx Proxy Manager will handle HTTPS
- NODE_ENV=production
- WEBHOOK_URL=https://${N8N_HOST}/
- GENERIC_TIMEZONE=${TZ}
- N8N_RUNNERS_ENABLED=true
- N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
volumes:
- ${N8N_DATA}:/home/node/.n8n
- ${N8N_FILES}:/files
env_file:
- .env
# immich-machine-learning:
# container_name: immich-machine-learning
# # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
# # Example tag: ${IMMICH_VERSION:-release}-cuda
# image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# # file: hwaccel.ml.yml
# # service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
# volumes:
# - model-cache:/cache
# env_file:
# - .env
# restart: unless-stopped
# healthcheck:
# disable: false
# networks:
# - server-network
# redis:
# container_name: immich-redis
# image: docker.io/valkey/valkey:8-bookworm@sha256:fec42f399876eb6faf9e008570597741c87ff7662a54185593e74b09ce83d177
# healthcheck:
# test: redis-cli ping || exit 1
# restart: unless-stopped
# networks:
# - server-network
# database:
# container_name: immich-postgres
# image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0
# environment:
# POSTGRES_PASSWORD: ${IMMICH_DB_PASSWORD}
# POSTGRES_USER: ${IMMICH_DB_USERNAME}
# POSTGRES_DB: ${IMMICH_DB_DATABASE_NAME}
# POSTGRES_INITDB_ARGS: "--data-checksums"
# # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
# B_STORAGE_TYPE: "HDD"
# volumes:
# # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
# - ${IMMICH_DB_DATA_LOCATION}:/var/lib/postgresql/data
# restart: unless-stopped
# networks:
# - server-network
# # --- Home Assistant ---
# homeassistant:
# container_name: homeassistant
# image: "ghcr.io/home-assistant/home-assistant:stable"
# env_file:
# - .env
# volumes:
# - ${HA_CONFIG}:/config
# - /etc/localtime:/etc/localtime:ro
# - /run/dbus:/run/dbus:ro
# restart: unless-stopped
# # devices:
# # - /dev/ttyUSB0:/dev/ttyUSB0
# privileged: true
# network_mode: host
# # ports:
# # - "8123:8123"
# esphome:
# container_name: esphome
# image: ghcr.io/esphome/esphome:latest
# volumes:
# - ${ESPHOME_CONFIG}:/config
# - /etc/localtime:/etc/localtime:ro
# restart: unless-stopped
# privileged: true
# network_mode: host
# # ports:
# # - "6052:6052"
# env_file:
# - .env
# # openwakeword:
# # image: homeassistant/amd64-addon-openwakeword:latest
# # container_name: openwakeword
# # entrypoint: python3
# # command: >
# # -m wyoming_openwakeword
# # --uri 'tcp://0.0.0.0:10400'
# # --preload-model 'ok_nabu'
# # --custom-model-dir /share/openwakeword
# # env_file:
# # - .env
# # ports:
# # - 10400:10400
# # volumes:
# # - ${OWW_DATA}:/data
# # - ${OWW_CUSTOM_MODEL_DIR}:/share/openwakeword
# # restart: unless-stopped
# piper:
# image: homeassistant/amd64-addon-piper:latest
# container_name: piper
# entrypoint: python3
# command: >
# -m wyoming_piper
# --piper '/usr/share/piper/piper'
# --uri 'tcp://0.0.0.0:10200'
# --length-scale "1"
# --noise-scale "0.667"
# --speaker "0"
# --voice "en_US-lessac-medium"
# --max-piper-procs "1"
# --data-dir /data
# --data-dir /share/piper
# --download-dir /data
# network_mode: host
# # ports:
# # - "10200:10200"
# volumes:
# - ${PIPER_DATA}:/data
# restart: unless-stopped
# whisper:
# image: homeassistant/amd64-addon-whisper:latest
# container_name: whisper
# entrypoint: python3
# command: >
# -m wyoming_faster_whisper
# --uri tcp://0.0.0.0:10300
# --model small-int8
# --beam-size 1
# --language en
# --data-dir /data
# --download-dir /data
# network_mode: host # Needed to use localhost in HA interface
# # ports:
# # - "10300:10300"
# env_file:
# - .env
# volumes:
# - ${WHISPER_DATA}:/data
# restart: unless-stopped
# # --- Pi-hole ---
# # pihole:
# # container_name: pihole
# # image: pihole/pihole:latest
# # ports:
# # # DNS Ports
# # - "53:53/tcp"
# # - "53:53/udp"
# # # Default HTTP Port
# # - "2100:80/tcp"
# # - "2101:443/tcp"
# # env_file:
# # - .env
# # volumes:
# # - "${PIHOLE}:/etc/pihole"
# # cap_add:
# # # Optional, if Pi-hole should get some more processing time
# # - SYS_NICE
# # restart: unless-stopped
# # --- Prosody XMPP Server ---
# prosody:
# image: prosody/prosody:latest
# container_name: prosody
# restart: unless-stopped
# ports:
# - "5222:5222" # XMPP client connections
# - "5269:5269" # XMPP server-to-server connections
# - "5280:5280" # HTTP/WebSocket connections
# - "5281:5281" # HTTPS/WebSocket connections (if SSL configured)
# volumes:
# - ${PROSODY_CONFIG}:/etc/prosody
# - ${PROSODY_LOGS}:/var/log/prosody
# - ${PROSODY_MODULES}:/usr/lib/prosody-modules
# env_file:
# - .env
# # --- N8n Automation ---
# n8n:
# image: n8nio/n8n:latest
# restart: always
# # N8n will not be directly exposed to the host, Nginx Proxy Manager will proxy to it
# # Therefore, no 'ports' mapping is needed here for external access.
# # It will be accessible on the Docker network by Nginx Proxy Manager.
# environment:
# - N8N_HOST=${N8N_HOST}
# - N8N_PORT=5678
# - N8N_PROTOCOL=https # Nginx Proxy Manager will handle HTTPS
# - NODE_ENV=production
# - WEBHOOK_URL=https://${N8N_HOST}/
# - GENERIC_TIMEZONE=${TZ}
# - N8N_RUNNERS_ENABLED=true
# - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
# volumes:
# - ${N8N_DATA}:/home/node/.n8n
# - ${N8N_FILES}:/files
# env_file:
# - .env
volumes:
model-cache:
@@ -277,5 +305,7 @@ volumes:
networks:
server-network:
driver: bridge
nextcloud-network:
driver: bridge
homeassistant-network:
driver: bridge
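Review bot: The `nextcloud-redis` service passes its secret as `command: redis-server --requirepass ${REDIS_PASSWORD}`, which puts the password in the container's command line where `docker inspect` and a process listing show it. Load it from a mounted config file or a Compose secret instead. The `nextcloud` service as shown sets no `REDIS_HOST` or `REDIS_HOST_PASSWORD`, so it presumably never uses this cache. `nextcloud-db` runs `image: postgres:latest` over the bind-mounted `${NEXTCLOUD_DB_DATA}`, so a pull that crosses a PostgreSQL major version leaves a data directory the new server will not start on; pin it, e.g. `image: postgres:<major>`, and pin `nextcloud:latest` as well. The page has lost its `+`/`-` markers, so which lines are on the new side is inferred from the service names and the added `nextcloud-network`.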


@@ -1,43 +0,0 @@
#!/bin/sh
set -e
if ! command -v curl >/dev/null 2>&1; then
echo "curl is required. Installing curl..."
sudo apt update
sudo apt install -y curl
fi
echo "Updating package index..."
sudo apt update
echo "Installing required packages..."
sudo apt install -y ca-certificates curl gnupg lsb-release
echo "Adding Docker's official GPG key..."
sudo mkdir -p /etc/apt/keyrings
curl -fsSL "https://download.docker.com/linux/$(
. /etc/os-release
echo "$ID"
)/gpg" | sudo gpg --dearmor >/tmp/docker.gpg
sudo mv /tmp/docker.gpg /etc/apt/keyrings/docker.gpg
sudo chmod 644 /etc/apt/keyrings/docker.gpg
echo "Setting up the Docker repository..."
ARCH=$(dpkg --print-architecture)
OS_ID=$(awk -F= '/^ID=/{gsub(/\"/, "", $2); print $2}' /etc/os-release)
RELEASE=$(lsb_release -cs)
echo "deb [arch=$ARCH signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$OS_ID $RELEASE stable" |
sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
echo "Updating package index (with Docker repo)..."
sudo apt update
echo "Installing Docker Engine..."
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
echo "Docker installation complete!"
docker --version
echo "Allowing Docker use without sudo..."
sudo usermod -aG docker ${USER}
exec sg docker newgrp


@@ -1,7 +0,0 @@
#!/bin/sh
# Close all upnpc ports
upnpc -l | sed -n 's/^[[:space:]]*[0-9]\+\s\+\(TCP\|UDP\)\s\+\([0-9]\+\).*/\1 \2/p' | while read proto port; do
upnpc -d "$port" "$proto"
done